Packet Sending for Beginners
Note that this page contains two guides. The more in-depth one is towards
the bottom; the first one gives a good overview, however. Since the
release of 1.11 a lot of these methods will not work on realms, OR they are
detectable and will get your account banned. We can't stress enough that
if you try this, please do it while you're not logged onto Battle.net. We
are not responsible for how you use this guide and any damages it may incur.
It is here for learning purposes only.
by: After-Death & EvilCheese
Intro: What is a packet?
A packet is a 'piece' of data sent from your client (your instance of Diablo 2)
to the Battle.net server. The server then takes this packet, processes whatever
actions are sent in the packet of data and often sends some packets back to you.
The packets which come back to you are RECEIVED packets.
The key thing to understand here is that sent packets can cause things you may
wish to exploit. Receiving a packet yourself manually, using D2Hackit like this,
for example:
.receive 9c 12 0a 56 98 .. .. ..
does not represent anything happening at the server, and is known as a
clientside effect. For example, if you sniff the received packet the next time an
item drops to the floor, and receive it again, you'll see an item drop to the
floor. But it will not really be there.
How is a Packet Made Up?
All packets have an identifying first byte. Here are some examples:
17 0a 0f e5 48 - Drop item to ground
19 0a 0f e5 48 - Pick item up from inventory to cursor
60 - Switch Weapons
This first byte identifies the packet. A 17 packet will always try to drop an
item to the ground. A packet with the first byte 19 will always try to pick the
item up from your inventory to your cursor. Of course, this only works if the
item is in your inventory, and if there is nothing on your cursor.
Packets are then made up of bytes, words, and doublewords (dwords for short.)
Here is what they look like:
00 = one byte
00 00 = a word
00 00 00 00 = a dword (or 4 bytes!)
Let's look at the 33 packet, as it is often seen to be the most confusing to an
unskilled packeteer. This packet sells an item to an NPC.
Here is the format of the packet.
33[XX XX XX XX][YY YY YY YY][ZZ ZZ ZZ ZZ][aa aa aa aa]
The 33 packet contains the first byte 33, then 4 dwords as shown above.
The first dword, [XX XX XX XX] is the ID of the NPC we want to sell the item to.
Next we have the item ID, [YY YY YY YY], the second dword. The third dword,
[ZZ ZZ ZZ ZZ], represents where we are selling the item from. The final dword is
the value in gold that the item will sell for. In reality we don't need to
calculate it, as the server does it anyway. So enter any number; 01 01 01 01 is
easy to type.
Now you have seen the structure of a packet, with its parts identified. All
these packet structures can be seen in the d2hackers packet list:
URL to be appended
That's great, but how do I find the values for these IDs?!?!
The next section covers common packet questions, and common sniffing tasks.
The simplest way to find an item is using the 19 packet. Place an item in your
inventory. Set your sniffer to display 19 packets.
If you are using snifferxp or snuff with d2hackit, type the following:
.snifferxp show s 19
.snuff show s 19
Now click on the item. Your sniffer will display a line like this:
19[XX XX XX XX]
XX XX XX XX is the ID of the item!
Say your sniffer showed this: 190abd2f7e. The item ID is 0abd2f7e. We can test
this in some other packets now. According to the packet list, the 17 packet to
drop an item from the cursor to the ground looks like this: 17[DWORD Item ID]
So if we type the following, with the aforementioned item on our cursor, it
should fall to the ground:
.send 170abd2f7e
Try it!
Key Packets
There are a couple of important received packets. Not because they affect the
server in any way, but because they allow you to beat some GUI restrictions.
The most important one (before people truly understood all of the packets, and
for convenience) is the oneside packet.
.receive 770c
Receive this packet in trade and it will seem like you are not in the trade. You
are, but the graphic for the trade window has gone! You can run around. But you
won't be able to send certain packets, such as 13, and many packets will cause
Battle.net to drop you from the game. For example, if you send the 17 packet to
drop an item to the ground in trade, or go onesided and drop it manually by
clicking, you will still be disconnected from the game for trying to dupe.
OK, now you know something. Let's try some old patched methods. You need
D2Hackit and either SnifferXP or Snuff. Snuff is better and easier to use, so
try with it.
This method is the old PotMatrix dupe; try it in single player since it's
patched in realms. Originally posted @ BH by Comi.
PotMatrix Dupe Example
Description:
Sells a belt item repeatedly without losing the item. It only worked for belt
items; it was never possible to equip an item such as a ring to your belt and
dupe it. Used to get lots of full rejuve potions, and to spawn gold for
gambling.
Requires: 1 Person, D2Hackit + Modules(Snuff/Sniffer)
Can Dupe: Any belt item (scroll, potion)
Packets To Sniff: 13,19/24
Method
1. Sniff the id (19 ZZ ZZ ZZ ZZ) of the item you want to dupe by lifting to
cursor from inventory, or sniff the 24 ZZ ZZ ZZ ZZ packet by lifting item
directly from belt.
2. Place the item in any belt slot.
3. Go into trade with an NPC, and find the NPC's ID: (13 01 00 00 00 XX XX XX XX).
4. Send this packet:
33[XX XX XX XX][ZZ ZZ ZZ ZZ][02 00 00 00][01 00 00 00]
XX = Gheed ID
ZZ = Worn Item ID
5. The item will sell to the NPC and will not leave your body.
6. Buy the item back (if you have enough money).
7. Repeat as many times as you want.
I'll make it a little clearer.
- use d2 in windowed mode
- first load snuff with ".load snuff"
- since you need to see packets 13 and 19/24 type ".snuff show s 13 19 24"
The rest you should figure out by yourself. If everything goes fine, the potion
should be sold at the NPC and you should still have it in your belt buffer.
Beginner's Guide to Packets
Here's a little tutorial I wrote some time ago. I've dusted it off and updated
it a touch for 1.10. I don't know how useful it will be, but I'm sure someone
will get something from it.
It covers basic loading of modules, sniffing, packet sending etc., as well as
some simple theory.
Anyway... here it is:
******************************************************
D2Hackit / Packet sending FAQ/Tutorial for ******s (and oldies)
Version 0.6
Written by
If you see it anywhere else then it's not where it should be.
******************************************************
Contents
1) Introduction
1.1) What is D2Hackit?
1.2) Essential Files.
1.3) Installing D2Hackit and modules.
1.4) Running D2Hackit and modules.
2) Packets
2.1) What are packets?
2.2) Why send packets?
2.3) How do I send packets?
2.4) What does the "receive" command do?
2.5) How do I find out which packet does what?
2.6) What's a BYTE / WORD / DWORD?
3) Using packets to do something.
3.1) Getting IDs.
3.2) Picking up an item from your inventory.
3.3) Selling an item using packets.
4) Afterword.
*******************************************************
1) Introduction.
1.1) What is D2Hackit?
D2Hackit is a program that loads itself "into" the D2 game. It ties into several
of the core game functions, allowing module coders access to those functions to
perform actions such as sending packets, as though it was the game itself that
was carrying out those actions.
Although it has several very useful functions, D2Hackit is not an end in itself,
but merely a means to an end. The real functionality and usefulness of it lies
in the Modules which we use with it.
These can be as simple as packet senders/sniffers, or as complicated as a
shopping bot.
1.2) Essential Files.
For the purposes of the tutorial sections, you will need the following files:
-D2Hackit
-Diablo2
-Sniffer module
-Bind module
Be careful, and make sure you only download these files from trusted sites. Scan
them thoroughly with up-to-date virus scanning software, and check your system
after running, to make sure you haven't inadvertently installed a keylogger on
your machine.
1.3) Installing D2hackit and modules.
Installation of D2Hackit is extremely simple. Just extract all the files from
the zip to any directory on your hard drive. It doesn't matter in the slightest
where you put it, so long as you know where it is.
Installing modules is exactly the same. Extract any modules you wish to use into
the same directory as D2Hackit. There will normally be a .d2h file, and perhaps
an .ini file and a .txt file also. Make sure these are all in the same directory
as loader.exe.
1.4) Running D2Hackit and modules.
Once you have D2Hackit installed, and any modules you wish to load, you then
need to get them working. This is done in the following way:
-Load Diablo2.
-Join/Create a game.
-Alt-tab to desktop.
-Find your D2Hackit directory.
-Double-Click Loader.exe
-Go back to D2.
You should see some text telling you that D2Hackit has loaded successfully. Now
to load our modules. I'm going to assume that we're loading the modules for the
tutorials, but the process is identical for any others too:
-Press enter to get a chat box.
-Type .load <modulename> (e.g. .load sniffer, .load bind, .load block)
You should see a message saying the module is loaded, and perhaps a brief
mention of the author.
If you want to get help or see a list of commands available in a module, type:
.help
to see all of the basic D2Hackit commands, or:
.<modulename> help
For a list of all commands in a specific module.
For help on a specific command, use:
.<command> help
or
.<modulename> <command> help
E.g.
.pickit toggle help
.sniffer hide help
.bind set help
2) Packets
2.1) What are packets?
To understand what packets are, and how they relate to D2, you first need a
little background on how D2 works when playing on closed bnet.
D2 runs as two different pieces, a server program and a client program. The
server program is what actually runs the "game"... it's where everything
actually happens.
The client program acts as a "window" into that game, allowing you to see what's
going on, and to interact with the game.
When you play on closed bnet, the server is run on Blizzard's machines, and only
the client is run on your personal computer.
Packets are pieces of information and instructions sent to and from your machine
allowing you to see and interact with the game. Almost every action you do
(Walking, Attacking, Picking up items) involves a packet being sent to the
server, and everything you see happening (other people attacking, other people
dropping items) involves a packet being sent from the server to you so that you
can see it.
Diablo 2 packets typically consist of a single-byte identifier (2 hex digits,
such as 13) and then several pieces of data, usually organised into DWORDS
(groups of 4 bytes, or 8 hex digits).
2.2) Why send packets?
There are many reasons why you would want to send packets.
At the basic level, packet sending can be used to perform basic tasks within the
game. You can pick up items, drop them, interact with NPCs etc just using
packets.
At a more advanced level, packet sending can be used to perform actions at the
wrong times, or in a way which you would not be able to do using the standard
game client. This is useful for discovering loopholes, and exploits, which can
then be turned into hacks.
2.3) How do I send packets?
Very handily, D2Hackit has a built in command which allows you to send any
packet you like to the game server.
This command is .send, and is used like this:
.send xxxxxxxx....
Where xx represents the packet you wish to send, and varies in length according
to the packet type.
Please note that all packets are in hexadecimal (base-16) notation, and
therefore must be an even number of hex digits in length (two digits per byte).
For more information on using hex, search Google.com; there are many tutorials
available on how to use it.
Information on different packets and their uses can be found on the Blizzhackers
forums in a permanently stickied thread called "packet list" and several of the
more common packets will be covered later in this tutorial.
2.4) What does the "receive" command do?
Packets are sent both ways whilst you are playing D2. Some of them are sent from
you to the server, but some are also sent from the server to you.
You may be curious to find out what happens when you receive a particular
packet, and to find this out, the receive command is used. It fools D2 into
thinking that the packet came from the server.
The use of the function is exactly the same as the send command, and is:
.receive xxxxxxxx....
Where xx is the packet you wish to receive, and can vary in length. Again, the
packet is in Hex, and the usual rules apply.
2.5) How do I find out what packet does what?
There are many different ways to do this.
The simplest way is to look in a packet list, such as the one on Blizzhackers,
which lists most common packets and what they do.
If you want more detailed information, then you may need to sniff packets.
For sniffing packets, we use a sniffer module. Most people use either Sniffer or
SnifferXP, it's a matter of personal choice, either functions well, but for this
tutorial I am assuming you are using the basic Sniffer module.
To sniff packets with sniffer, there are two ways to go about it. You can either
sniff for specific packets, or sniff for all packets.
To sniff for a specific packet, use the following method:
-Ensure D2hackit and sniffer module are loaded.
-Type ".sniffer show s xx" to show all packets sent with the ID xx
-Type ".sniffer show r xx" to show all packets received with the ID xx
When the packets are sent or received, you will see them shown at the top left
of the screen.
Sometimes you will want to find a packet for an action, but won't know the ID.
For this you can sniff all packets. To do this:
-Ensure sniffer/D2Hackit are loaded.
-Type ".sniffer load show-all"
All packets sent and received will now appear.
To disable it, type ".sniffer load default".
2.6) What's a BYTE/WORD/DWORD?
All of these refer to fixed-width binary numbers, written in hex. The precise
meaning of WORD and DWORD varies from platform to platform and processor to
processor, but for the purposes of D2 hacking and the available packet lists, the
meanings are as follows:
BYTE  = 8-bit binary number  = 2-digit hex number  (XX)           eg 2F
WORD  = 16-bit binary number = 4-digit hex number  (XX XX)        eg 2F 09
DWORD = 32-bit binary number = 8-digit hex number  (XX XX XX XX)  eg AB 2E FD 04
3) Using packets to do something.
Okay, so now you know what packets are, how to send them, receive them, and see
them, so what can we actually do with them?
The examples I will give here are only basic ideas to show you how to go about
using packets, and are in no way the be-all and end-all of packet techniques,
but they will give you a place to start, so you can explore more fully on your
own.
3.1) Getting IDs.
Everything in the Diablo 2 world has a unique ID number. This is so the server
can keep track of all the items, monsters, NPCs and players.
Most packet actions will require one or more IDs to function correctly. This may
be an NPC ID, a player ID, an item ID, or one of many others.
Getting an ID is usually just a case of sniffing an interaction packet and
looking in the right place.
To find an NPC ID:
-Sniff sent 13 packets (.sniffer show s 13)
-Click on an NPC.
You should get a packet that looks like this:
13xxxxxxxxyyyyyyyy
xxxxxxxx is the interaction type.
yyyyyyyy is the ID of the thing you're interacting with.
You can use this to get the IDs of other things too, like your stash, quest
objectives, waypoints etc.
To find an Item ID:
-Put the item into your inventory.
-Sniff sent 19 packets (.sniffer show s 19)
-Pick up the item from your inventory.
You should get a packet like this:
19xxxxxxxx
xxxxxxxx is the ID of the item.
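The packet layouts given in this guide (the 33 sell packet and its four dwords from the first guide's "How is a Packet Made Up?", the 13 interaction and 19 pickup packets from 3.1 above, the 17 drop and 60 weapon-switch packets, and the BYTE/WORD/DWORD sizes from 2.6) as a small decoder and builder. This is an added example, not code from the guide or from D2Hackit: the field names (npc_id, item_id, source, cost, interaction_type, target_id) are my own labels, the field sizes are the ones the guide gives, and dword values are kept as the raw hex seen on the wire with no byte order assumed.

```python
from dataclasses import dataclass

# Identifier byte -> ordered (field name, size in bytes), per the guide's
# descriptions. Values are kept as raw wire hex; no byte order is assumed.
LAYOUTS = {
    0x13: [("interaction_type", 4), ("target_id", 4)],
    0x17: [("item_id", 4)],
    0x19: [("item_id", 4)],
    0x33: [("npc_id", 4), ("item_id", 4), ("source", 4), ("cost", 4)],
    0x60: [],   # switch weapons: identifier only
}
SIZES = {1: "BYTE", 2: "WORD", 4: "DWORD"}   # the 2.6 definitions

@dataclass
class Packet:
    ident: int
    fields: dict   # field name -> hex string exactly as the sniffer shows it

def decode(hexstr: str) -> Packet:
    """Parse a sniffer line such as '190abd2f7e' or '17 0a bd 2f 7e'."""
    clean = hexstr.replace(" ", "").lower()
    if len(clean) % 2:
        raise ValueError("hex packet must have an even number of digits")
    data = bytes.fromhex(clean)          # also rejects non-hex characters
    if not data:
        raise ValueError("empty packet")
    layout = LAYOUTS.get(data[0])
    if layout is None:
        raise ValueError(f"unknown packet id {data[0]:02x}")
    expected = 1 + sum(size for _, size in layout)
    if len(data) != expected:
        raise ValueError(f"{data[0]:02x} packet needs {expected} bytes, got {len(data)}")
    fields, pos = {}, 1
    for name, size in layout:
        fields[name] = data[pos:pos + size].hex()
        pos += size
    return Packet(data[0], fields)

def encode(ident: int, **fields: str) -> str:
    """Build the argument for '.send' from an identifier and raw hex fields."""
    out = f"{ident:02x}"
    for name, size in LAYOUTS[ident]:
        value = fields[name].replace(" ", "").lower()
        if len(value) != size * 2:
            raise ValueError(f"{name} must be one {SIZES[size]} ({size * 2} hex digits)")
        bytes.fromhex(value)             # raises on non-hex characters
        out += value
    return out

def drop_command_from_sniffed(sniffed: str) -> str:
    """Turn a sniffed 19 (lift from inventory) line into the matching 17 drop command."""
    pkt = decode(sniffed)
    if pkt.ident != 0x19:
        raise ValueError("expected a 19 packet")
    return ".send " + encode(0x17, item_id=pkt.fields["item_id"])
```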
3.2) Picking up an item from your inventory.
This may sound like a simple task, but it will give us a little practice at
using the sniffer module, the bind module, and the send function in
D2Hackit.
We are now going to make it so that we can lift an item out of our inventory
onto the pointer just by pressing a key.
-First make sure D2hackit, Sniffer, and bind are loaded.
-Sniff the ID of the item (as described above)
-Put the item back in your inv.
-Send the packet again. ( 19[Item ID] )
This should lift the item out of your inventory and place it on the cursor. But
wouldn't it be great if we could do that just by pressing a key? Here's how:
-Put the item back into your inv again.
-Enter the command ".bind keycode" and then hit a key. This will give you a
2-digit number which is the keycode for that key; we will call that "xx" from
now on.
-Enter the command ".bind set xx xx send 19yyyyyyyy" where xx is the keycode
(yes, enter it twice) and yyyyyyyy is the item ID.
-Now, close your inventory and hit the key you just bound.
This should lift the item from your inventory without the screen being open at
all.
You can bind any commands you like to any key you like using this method.
It's handy for sending packets in situations where typing is not allowed (the
imbue screen, for example).
3.3) Selling an item with packets.
Now we've sussed out how to pick up an item from our inventory, let's see if we
can tackle something a little more tricky. This time we will sell an item to an
NPC using packets.
For this we will need both an NPC ID and an Item ID, so follow the steps above
to find those.
For this exercise, we are going to be using the "Sell item" packet. This has the
general format:
33[NPC ID][Item ID][DWORD][Cost]
-Get your NPC ID and Item ID ready, then get into the tradescreen with your
chosen NPC.
-Make sure the item you are selling is in your inventory.
-Use the command ".send 33xxxxxxxxyyyyyyyy00000000zzzzzzzz", where x is the
NPC ID, y is the item ID, and z is the cost (use any value you like; it won't
make a difference).
Bingo, item is gone from your inv, and is sold to the NPC, using packets.
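To show the defender's side of the sell packet in 3.3 and of the PotMatrix dupe in the first guide, here is an added example (a constructed model, not the real game server or any D2Hackit code) of the checks a server-side handler for the 33 packet needs: it ignores the client's cost dword, verifies the item really is where the packet claims, and removes it before paying, so replaying the same packet fails. The NPC id aabbccdd, the item id 0abd2f7e, its price, and the meaning given to the 02000000 / 00000000 source values are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Optional

# Source dwords as the guide shows them on the wire. Constructed meaning:
# 02000000 is the belt slot used in the dupe writeup, 00000000 the value
# used in 3.3; anything else is refused.
SELLABLE_SOURCES = {"00000000", "02000000"}

# Server-side price table (constructed). The client never supplies a price.
PRICES = {"0abd2f7e": 250}

@dataclass
class Player:
    gold: int = 0
    trading_with: Optional[str] = None          # NPC id from the 13 interaction
    items: dict = field(default_factory=dict)   # item id -> where it really is

def parse_sell(hexstr: str) -> tuple:
    """Split a 33 packet (identifier + four dwords) into its raw hex fields."""
    h = hexstr.replace(" ", "").lower()
    if len(h) != 34 or not h.startswith("33"):
        raise ValueError("malformed 33 packet")
    return h[2:10], h[10:18], h[18:26], h[26:34]   # npc, item, source, cost

def handle_sell(player: Player, hexstr: str) -> str:
    """Server-side handling of one sell packet: 'ok' or the rejection reason."""
    npc_id, item_id, source, _client_cost = parse_sell(hexstr)
    if player.trading_with != npc_id:
        return "rejected: not trading with that npc"
    if source not in SELLABLE_SOURCES:
        return "rejected: invalid source"
    actual = player.items.get(item_id)
    if actual is None:
        return "rejected: item not owned"        # a replayed sale lands here
    if actual != source:
        return "rejected: item not at claimed location"
    price = PRICES.get(item_id)
    if price is None:
        return "rejected: unpriced item"
    del player.items[item_id]   # take the item first ...
    player.gold += price        # ... then pay the server's price, never the client's
    return "ok"

def dupe_attempt(player: Player) -> list:
    """Replay the dupe writeup's sell packet twice and record each outcome."""
    pkt = "33aabbccdd0abd2f7e0200000001000000"
    return [handle_sell(player, pkt), handle_sell(player, pkt)]
```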